[
https://issues.apache.org/jira/browse/SOLR-13649?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16917485#comment-16917485
]
Jan Høydahl commented on SOLR-13649:
------------------------------------
{quote}I have added the appropriate tests and now throw an exception if a user
attempts to delete the final user or enable the basic auth plugin without at
least one user
{quote}
Elegant solution.
See PR for some additional comments, in particular on the major test changes -
you may want to explain more of your reasoning for changing the entire test
instead of adding blockUnkow=false to the config in that test which would be
much less intrusive?
> BasicAuth's 'blockUnknown' param should default to true
> -------------------------------------------------------
>
> Key: SOLR-13649
> URL: https://issues.apache.org/jira/browse/SOLR-13649
> Project: Solr
> Issue Type: Improvement
> Components: Admin UI, Authentication, security
> Affects Versions: 7.7.2, 8.1.1
> Environment: All
> Reporter: Marcus Eagan
> Assignee: Shalin Shekhar Mangar
> Priority: Major
> Labels: Authentication
> Fix For: master (9.0)
>
> Time Spent: 5h 40m
> Remaining Estimate: 0h
>
> If someone seeks to enable basic authentication but they do not specify the
> {{blockUnknown}} parameter, the default value is {{false}}. That default
> behavior is a bit counterintuitive because if someone wishes to enable basic
> authentication, you would expect that they would want all unknown users to
> need to authenticate by default. I can imagine cases where you would not, but
> those cases would be less frequent.
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
